Cybercrime is one of the most crucial problems faced by the countries across the globe these days. It includes unauthorized access of information and break security like privacy, password, etc. of any person with the use of internet. Cyber theft is a part of cybercrime which means theft carried out by means of computers or the Internet.
The most common types of cyber theft include identity theft, password theft, theft of information, internet time thefts etc.
Identity theft pertains to illegally obtaining of someone's personal information which defines one's identity for economic benefit. It is the commonest form of cyber theft. Identity theft can take place whether the fraud victim is alive or deceased. Creating a fake account or impersonation by creating multiple email-ids has become quite common and has resulted in commission of fraud in order to obtain any such information which can be used by cyber criminals to take over the victim's identity to commit myriad crimes. The advancement of technology has made things much easier as it is much difficult to track the person impersonating as Internet and online transactions provides a kind of anonymity and privacy to an individual.
There are various techniques through which data theft could be committed and personal information could be procured from electronic devices. These are as follows: -
- Hacking- The persons known as hackers unscrupulously break into the information contained in any other computer system. Section 66 deals with the offence of unauthorized access to the computer resource and defines it as "Whoever with the purpose or intention to cause any loss, damage or to destroy, delete or to alter any information that resides in a public or any person's computer. Diminish its utility, values or affects it injuriously by any means, commits hacking." The offence of hacking is a violation of one's fundamental right to privacy as provided by the Constitution. It is a method wherein viruses or worms like malware divert information from another computer system by decrypting it to the hacker who after obtaining the information either use it themselves or give it to others to commit fraud using such information.
- Phishing- It uses fake email-ids or messages containing viruses affected websites. These infected websites urge people to enter their personal information such as login information, account's information.
- E-Mail/SMS Spoofing- The spoofed e-mail is one which shows its origin to be different from where it actually originated. In SMS spoofing, the offender steals identity of another person in the form of phone number and sending SMS via internet and the receiver gets the SMS from the mobile number of the victim.
- Carding- The cyber criminals makes unauthorized use of the ATM debit and credit cards to withdraw money from the bank accounts of the individual.
- Vishing- The cyber-criminal calls the victim by posing to be a bank representative or call center employee, thereby fooling them to disclose crucial information about their personal identity.
Internet time theft
It refers to the theft in a manner where the unauthorized person uses internet hours paid by another person. The authorized person gets access to another person's ISP user ID and password, either by hacking or by illegal means without that person's knowledge.
Theft of intellectual property
Intellectual property (IP) theft is defined as theft of material that is copyrighted, the theft of trade secrets, and trademark violations etc. One of the most commonly and dangerously known consequence of IP theft is counterfeit goods and piracy.
Laws governing identity thefts in India
The crime of identity theft consists of two steps:
- Wrongful collection of personal identity of an individual
- Wrongful use of such information with an intention of causing legal harm to that person information
An identity theft involves both theft and fraud, therefore the provisions with regard to forgery as provided under the Indian Penal Code, 1860 (IPC) is often invoked along with the Information Technology Act, 2000. Some of the Sections of IPC such as forgery (Section 464), making false documents (Section 465), forgery for purpose of cheating (Section 468), reputation (Section 469), using as genuine a forged document (Section 471) and possession of a document known to be forged and intending to use it as genuine (Section 474) can be coupled with those in the IT Act.
The Information Technology Act, 2000 (IT Act) is the main act which deals with the legislation in India governing cybercrimes. Some of the Sections dealing with Cyber Theft are: -
- Section 43 If any person without permission of the owner damages to computer, computer system, etc. he/she shall be liable to pay compensation to the person so affected.
- Section 66 If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
- Section 66B Punishment for dishonestly receiving stolen computer resource or communication device is Imprisonment for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
- Section 66C provides for punishment for Identity theft as: Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine with may extend to rupees one lakh.
- Section 66 D on the other hand was inserted to punish cheating by impersonation using computer resources.
With the increase in the number of frauds and cyber related crime, the government is coming up with refined regulations to protect the interest of the people and safeguard against any mishappenning on the internet. Further, stronger laws have been formulated with respect to protection of "sensitive personal data" in the hands of the intermediaries and service providers (body corporate) thereby ensuring data protection and privacy.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.